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APPEAL BRIEF 



Honorable Director of Patents and Trademarks 
PO Box 1450 

Alexandria, VA 22313-1450 
Dear Sir: 

This appeal is from the Examiner's final Office Action mailed September, 4 2007 
in which all pending claims (namely Claims 1-13, 15-20, 23-25, 27 and 29-31) were 
rejected. A timely Notice of Appeal was filed with the required fee on November 5, 2007. 

This brief is being filed along with the required $510 fee pursuant to 37 C. F. R. § 
41.20(b)(2). The necessary Petition for Extension of Time and its fee of $460 is also 
being submitted herewith . 

fi) Real Party in Interest 

This application is assigned to Nortel Networks Limited. The assignments are recorded 
at Reel 012437, Frame 0452 et al. 



fii) Related Appeals and Interferences 



There are no related appeals or interferences. 
(jiji Status of Claims 

This application was filed with claims 1 to 28. Claims 14, 21, 22, 26 and 28 have been 
cancelled. In the responses of June 20, 2005, October 10, 2005, June 8, 2006, 
December 8, 2006 and July 16, 2007 claims 1. 6, 11, 18, 24, 25 and 27 were each 
amended at least once. Claims 29 to 31 were added in the response of June 8, 2006. 
The remaining claims are as originally filed. All currently pending claims are rejected. 
Claims 1-13, 15-20, 23-25, 27 and 29-31 are the claims appealed. 

M Status of Amendments 

No amendment or response was filed subsequent to the September 4, 2007 final Office 
Action, 

(v) Summary of Claimed Subject Matter 

The invention as presently claimed is concerned with use of a middlebox-identity- 
providing node separate from the middlebox control node. The middlebox-identity- 
providing node determines the identity of the middlebox to which an entity is connected 
and transmits this identity to a middlebox control node. 

In this way the middlebox control node is enabled so that it can send control messages to 
the correct middlebox for an entity. All the middleboxes falling within the presently 
claimed invention are connected to entities in different address realms and may be used, 
for example to convert the addresses of one address realm to that of another address 
realm. 

It is well known that an entity, to request a connection to be set up with another entity, 
transmits a control message to the other entity, fn the instance where middleboxes are 
used the control message is transmitted via a call server as shown in Figure 1 . Usually, 
the call server contains all the information about middleboxes they require and uses this 
information to control the middlebox so that it performs the required tasks. 
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In the present invention the need for the middlebox control node to maintain the 
information about the middleboxes is negated. Instead a middlebox-identity-providing 
node that is separate from the control node is provided (page 9 lines 14 to 17). This 
means that the node responsible for obtaining information about the middleboxes can be 
located nearer to the endpoints that they provide information about. This means that 
changes to the network do not require changes in the control node but rather the 
middlebox-identity-providing node can be reconfigured. In this way the flexibility of the 
network is greatly increased. 

The information from the middlebox-identrry-providing node can be sent to the middlebox 
control node by, for example, adding the middlebox identity to a control message which 
may be an SDP message. 

fvn Grounds of Rejection To Be Reviewed on Appeal 
There are 5 rejections at issue: 

1. the rejection of claims 1 to 3, 6 to 12, 15, 16, 18, 19, 23 to 25 and 27 under 35 USC § 
103(a) as being unpatentable over Xu (US Publication 2002/0114322) in view of 
Huitema (IETF Working Document "MIDCOM Scenarios"), further in view of Solle (US 
Publication 2003/0009561); 

2. the rejection of claims 4, 5, 20 and 29 under 35 USC § 103(a) as being unpatentable 
overXu (US Publication 2002/0114322) in view of Huitema (IETF Working Document 
"MIDCOM Scenarios"), further in view of Solle (US Publication 2003/0009561) and 
further in view of Handley (IETF Working Document RFC2327 "SDP: Session 
Description Protocol"); 

3. the rejection of claim 13 under 35 USC § 103(a) as being unpatentable over Xu (US 
Publication 2002/0114322) in view of Huitema (IETF Working Document "MIDCOM 
Scenarios"), further in view of Solte (US Publication 2003/0009561) and further in 
view of Srisuresh (IETF Working Document "Middlebox Communication Architecture 
and Framework"); 

4. the rejection of claim 17 under 35 USC § 103(a) as being unpatentable over Xu (US 
Publication 2002/01 14322) in view of Huitema (IETF Working Document "MIDCOM 
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Scenarios"), further in view of Solle (US Publication 2003/0009561) and further in 
view of Elgebaly (US Publication 2002/0152325); and 

5. the rejection of claims 30 and 31 under 35 USC § 103(a) as being unpatentable over 
Xu (US Publication 2002/0114322) in view of Huitema (IETF Working Document 
"MIDCOM Scenarios"), further in view of Solle (US Publication 2003/0009561) and 
further in view of Collins (US Publication 2003/0055978). 

(vii) Argument 
Ground 1 

The Examiner has rejected Claims 1 to 3, 6 to 12, 15, 16, 18, 19, 23 to 25 and 27 as 
being unpatentable over Xu (US Publication 2002/0114322) in view of Huitema (IETF 
Working Document "MIDCOM Scenarios"), further in view of Solle (US Publication 
2003/0009561). Applicants respectfully disagree. 

Xu describes a conventional use of a middlebox. In Xu "each client remains registered 
with a proxy server" (emphasis). When a media session is initiated by a first client the 
first client "may provide the proxy server with which the first client is registered for 
example, with identity of the second client to which it would like initiate a media session". 
"The proxy server then interrogates the directory server to determine with which proxy 
server the second client 30(d) is registered... the two proxy servers then facilitate the 
exchange of messages for setting up the media session for communicating other 
messages representing media session negotiation between each of the first client and the 
second client", (paragraph 49). 

This is an analogous situation to that discussed in the background of the present 
application where middleboxes use a call server to obtain information of the middlebox 
associated with a client. 

Applicants submit that from this description and Figure 1 one skilled in the art would only 
learn to store a database on a proxy server or directory server of the IP address or proxy 
server respectively associated with a client using a middlebox. 

Thus, it is submitted that Xu does not disclose, at least, the features of: "using the 
middlebox identity providing node to determine the identity of a first middlebox connected 
to said one entity in its respective one of the plurality of address realms" or "sending said 
identity to a middlebox control node in the communications network in order to enable 
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said middlebox control node to send middlebox control messages to said first middlebox" 
wherein "the middlebox-identity-providing node is separate from the middlebox control 
node". 

The Examiner cites Huitema as disclosing that NATs are a type of middlebox. Applicants 
do not disagree with this interpretation. Indeed, it is noted that NATs are described as an 
example of a middlebox on page 1 line 13 of the instant application. 

Applicants submit however, that Huitema only discloses the features of a known 
middlebox. Thus, one skilied in the art, upon reading Huitema, would only learn to apply 
the disclosure of Xu using a standard middlebox. For example, page 8 of Huitema 
describes a call set up protocol where, in step 4, "the external server determines that the 
target of the invite is located in a specific external host. It relays the call to this host". 
Nowhere does Huitema disclose or even suggest how the external host is discovered. 

Thus, it is submitted that Huitema in combination with Xu does not disclose or even 
suggest "using the middlebox identity providing node to determine the identity of a first 
middlebox connected to said one entity in its respective one of the plurality of address 
realms" or "sending said identity to a middlebox control node in the communications 
network in order to enable said middlebox control node to send middlebox control 
messages to said first middlebox" wherein "the middlebox-identity-providing node is 
separate from the middlebox control node". 

The Examiner contends that Sollee discloses that a media portal, disposed between an 
NAPT module and an application server, acquires the public address of the 
corresponding NATs and propagates them to the application server. 

Applicants respectfully disagree. In Sollee a call set up process between is described. At 
the beginning of the call set up the NAPT "substitutes A private (the source address and 
port...) with A pub iic and forwards the modified packet containing the SIP INVITE message 
to the first applicati on server . Upon receiving the SIP INVITE message, the first 
application server locates the application server for the yyy.com domain (of enterprise 
device B) and engages the first media portal to prepare NAPT mappings for the call 
session" (paragraph 90 to 91 ). 
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The second application server upon receiving the SIP INVITE message from the first 
application server "locates Bfa>yw.com [the identity of enterprise device B] and engages 
the second media portal to reserve NAPT resources" (paragraph 111). "The second 
application server uses the X+NAPTAddressType parameter in the Create Connection 
message to inform the second media portal 45 to allocate respective NAPT (external and 
internal) addresses and ports to each endpoint"(paragraph 112). 

Thus it can be seen that application server 1 provides the first media portal with the NAPT 
identity for the first enterprise device and the second application server provides the 
second media portal with the NAPT identity for the second enterprise device. 

Applicants therefore submit that one skilled in the art, upon reading Sollee, would not 
learn to use a media portal to carry out the steps of "determining the identity of a first 
middlebox connected to said one entity in its respective one of the plurality of address 
realms". 

Applicants therefore submit that as none of the prior art documents cited by the Examiner 
disclose or even suggest an identity providing node used "to determine the identity of a 
first middle box connected to said one entity in its respective one of the plurality of 
address realms" or "sending said identity to a middlebox control node in the 
communications network in order to enable said middlebox control node to send 
middlebox control messages to said first middlebox." Claim 1 , therefore, would not have 
been rendered obvious by Xu, in view of Huitema, further in view of Sollee (US 
Publication 2003/0009561). 

Claim 18 recites the features of a "a middlebox-identity-providing node arranged to 
receive a control message comprising information about one of the entities and to 
determine the identity of a first middlebox connected to said one entity in its respective 
one of the plurality of address realms" and "a middlebox control node arranged to receive 
the determined identity of the first middlebox in order to enable said middlebox control 
node to send middlebox control messages to said first middlebox". Applicants therefore 
submit that Claim 18 would not have been rendered obvious in view of Xu, in view of 
Huitema, further in view of Sollee (US Publication 2003/0009561) for at least the reasons 
provided with reference to Claim 1 . 
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Claim 23 recites the features of "an input arranged to receive an input arranged to receive 
a control message comprising information about the identity of one of the middleboxes" 
and that "in use the middlebox control node is able to control the identified middlebox 
without the need to maintain its own store of information about the identities of the 
middleboxes and without the need to maintain its own discovery mechanism to discover 
the identities of the middleboxes". As discussed with reference to Claim 1 Xu, Huitema 
and Sollee all disclose the middlebox control node maintaining the information regarding 
middleboxes. Therefore the skilled person, upon reading the cited prior art would not 
learn to have a middlebox control node that is able to control the identified middlebox 
without the need to maintain its own store of information about the identities of the 
middleboxes. 

Therefore, Applicants submit that Claim 23 would not have been rendered obvious in 
view of Xu, in view of Huitema, further in view of Sollee. 

Claim 24 recites a middlebox-identity-providing node comprising "an input arranged to 
receive a control message comprising information about one of a plurality of entities in the 
communications network", "a processor arranged to determine the identity of a first 
middlebox connected to said one entity in a respective one of a plurality of address 
realms" and "an output arranged to send said identity to a middlebox control node in the 
communications network, said middlebox control node being located in a different 
address realm than that of said one of the entities; and wherein said middlebox-identity- 
providing node is arranged to be located in a control signal path from said one of the 
entities to the middlebox control node". Applicants therefore submit that Claim 24 would 
not have been rendered obvious in view of Xu, in view of Huitema, further in view of 
Sollee (US Publication 2003/0009561) for at least the reasons provided with reference to 
Claim 1. 

Claims 25 and 27 recite corresponding features to Claims 23 and 24. Applicants 
therefore submit that Claims 25 and 27 would not have been rendered obvious for at least 
the same reasons as Claims 23 and 24. 



Applicants submit that Claims 2, 3, 6 to 12, 15, 16 and 19 would not have been rendered 
obvious in view of Xu, in view of Huitema, further in view of Sollee (US Publication 
2003/0009561) by virtue of their dependencies. 



Ground 2 . 



Applicants submit that Handley does not disclose a middlebox identity providing node as 
recited in the independent claims. Hence, Applicants submit that Claims 4, 5, 20 and 29 
are patentable over Xu, in view of Huitema, further in view of Solle and further in view of 
Handley. 

Ground 3 . 

Applicants submit that Srisuresh does not disclose a middlebox identity providing node as 
recited in the independent claims. Hence, Applicants submit that Claim 13 is patentable 
over Xu, in view of Huitema, further in view of Solle and further in view of Srisuresh. 

Ground 4. 

Applicants submit that Elgebaly does not disclose a middlebox identity providing node as 
recited in the independent claims. Hence, Applicants submit that Claim 17 is patentable 
over Xu, in view of Huitema, further in view of Solle and further in view of Elgebaly. 

Ground 5 . 

Applicants submit that Collins does not disclose a middlebox identity providing node as 
recited in the independent claims. Hence, Applicants submit that Claim 13 is patentable 
over Xu, in view of Huitema, further in view of Solle and further in view of Collins. 

It has therefore been demonstrated above that the Examiner's rejections of the 
application are in error, and should be reversed. Such action is therefore solicited. 
March 5, 2008 Respectfully submitted, , 




Registration No. 26,935 
Barnes & Thornburg LLP 
P.O. Box 2786 
Chicago, Illinois 60690-2786 
(312) 214-4800 
(312) 759-5646 (fax) 
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Claims Appendix 



1 . A method of controlling one of a plurality of middleboxes in a communications 
network, each of the middleboxes being connected to a plurality of entities in a respective 
one of a plurality of address realms of the communications network, said method 
comprising the steps of:- 

(i) receiving a control message at a rniddlebox-identity-providing node 
in the communications network, said control message comprising 
information about one of the entities in the communications 
network; 

(ii) using the middlebox identity providing node to determine the 
identity of a first middlebox connected to said one entity in its 
respective one of the plurality of address realms; 

(iii) sending said identity to a middlebox control node in the 
communications network in order to enable said middlebox control 
node to send middlebox control messages to said first middlebox, 
said middlebox control node being located in a different address 
realm than that of said one of the entities; 

and wherein the mtddlebox-identity-providing node is separate from 
the middlebox control node and is located in a control signal path 
from said one of the entities to the middlebox control node. 

2. A method as claimed in claim 1 wherein said step (iii) of sending said identity 
comprises adding said identity to a control message and sending said control message. 

3. A method as claimed in claim 2 wherein additional information is also added to the 
control message. 

4. A method as claimed in claim 2 wherein said control message is a session 
description protocol (SDP) message. 

5. A method as claimed in claim 4 wherein said identity is added to an SDP message 
using a pre-specified SDP attribute. 
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6. A method as claimed in claim 1 wherein said control message is a call set-up 
message and said method further comprises sending middlebox control messages to said 
first middlebox in order to set-up a call from said one entity to another entity connected to 
a second middlebox in the communications network. 

7. A method as claimed in claim 6 wherein said second middlebox is connected to a 
plurality of entities in a second address realm different from the first address realm of the 
entities connected to the first middlebox. 

8. A method as claimed in claim 7 wherein the middlebox control node is within a 
third address realm different from the first and second address realms. 

9. A method as claimed in claim 8 wherein the third address realm is public. 

1 0. A method as claimed in claim 9 wherein the first and second address realms are 
private. 

11. A method as claimed in claim 1 wherein the middlebox-identity-providing node is 
selected from: one of the middleboxes; a gateway in the communications network; said 
one entity, being a user terminal in the communications network; and a gateway 
comprising a business services channel manager (BSCM). 

12. A method as claimed in claim 6 wherein said call passes through two or more 
middleboxes and wherein information about the identity of each such middlebox is added 
to said control message. 

13. A method as claimed in claim 1 wherein said middlebox control node is a 
MfDCOM agent. 

14. (cancelled) 

15. A method as claimed in claim 1 wherein each of the middleboxes is selected from 
a firewall, a network address translator (NAT), and a quality of service device. 

16. A method as claimed in claim 1 wherein said middlebox-identity-providing node is 
arranged to determine the identity of the first middlebox by using pre-specified 
information. 
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17. A method as claimed in claim 1 wherein said middlebox-identity-providing node is 
arranged to determine the identity of the first middlebox by automatically analysing the 
communications network. 

18. A communications network comprising; 

(i) a plurality of middleboxes, each connected to a plurality of entities in a 
respective one of a plurality of address realms of the communications 
network; 

(ii) a middlebox-identity-providing node arranged to receive a control 
message comprising information about one of the entities and to 
determine the identity of a first middlebox connected to said one entity 
in its respective one of the plurality of address realms; 

(iii) a middlebox control node arranged to receive the determined identity 
of the first middlebox in order to enable said middlebox control node to 
send middlebox control messages to said first middlebox; said 
middlebox control node being located in a different address realm than 
that of said one of the entities, said middlebox-identity-providing node 
being separate from the middlebox control node and being located in a 
control signal path from said one of the entities to the middlebox 
control node. 

19. A communications network as claimed in claim 18 wherein said middlebox- 
identity-providing node is further arranged to send said determined identity to the 
middlebox control node as part of a control message. 

20. A communications network as claimed in cfaim 1 9 wherein said control message 
is a session description protocol message. 

21 & 22. (cancelled) 

23. A middlebox control node arranged to control a plurality of middleboxes in a 
communications network, said middlebox control node comprising: 
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(i) an input arranged to receive a control message comprising 
information about the identity of one of the middleboxes; 

(ii) a processor arranged to issue messages to the identified 
middlebox in order to control it; such that in use the middlebox 
control node is able to control the identified middlebox without the 
need to maintain its own store of information about the identities of 
the middleboxes and without the need to maintain its own discovery 
mechanism to discover the identities of the middleboxes. 

24. A middlebox-identity-providing node for use in a communications network 
comprising a plurality of middleboxes, said middlebox identity providing node comprising: 

(i) an input arranged to receive a control message comprising 
information about one of a plurality of entities in the 
communications network; 

(ii) a processor arranged to determine the identity of a first middlebox 
connected to said one entity in a respective one of a plurality of 
address realms; 

(iii) an output arranged to send said identity to a middlebox control 
node in the communications network, said middlebox control node 
being located in a different address realm than that of said one of 
the entities; and wherein said middlebox-identity-providing node is 
arranged to be located in a control signal path from said one of the 
entities to the middlebox control node. 

25. A computer readable medium comprising program instructions arranged to control 
a middlebox control node, said middlebox control node comprising an input arranged to 
receive a control message comprising information about the identity of one of the 
middleboxes; and a processor arranged to issue messages to the identified middlebox in 
order to control it; such that in use the middlebox control node is able to control the 
identified middlebox without the need to maintain its own store of information about the 
identities of the middleboxes and without the need to maintain its own discovery 
mechanism to discover the identities of the middleboxes; 

the computer program comprising program code executable by the processor in 
order to enable the middlebox control node to: 
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receive a control message comprising information about the identity of 
one of the middleboxes; and to 

issue messages to the identified middlebox in order to control it. 

26. (cancelled) 

27. A computer readable medium comprising program instructions arranged to control 
a middlebox-identity-providing node, said middlebox identity providing node comprising 
an input arranged to receive a control message comprising information about one of a 
plurality of entities in the communications network; a processor arranged to determine the 
identity of a first middlebox connected to said one entity in a respective one of a plurality 
of address realms; and an output arranged to send said identity to a middlebox control 
node in the communications network, said middlebox control node being located in a 
different address realm than that of said one of the entities; and wherein said middlebox- 
identity-providing node is arranged to be located in a control signal path from said one of 
the entities to the middlebox control node; 

the computer program comprising program code executable by the processor in 
order to enable the middlebox identity-providing node to; 

receive a control message comprising information about one of a 
plurality of entities in the communications network; 

determine the identity of a first middlebox connected to said one entity; 
and 

send said middlebox identity to a middlebox control node in the 
communications network. 

28. (cancelled) 

29. A method ad claimed in claim 1 , wherein the first middlebox is arranged to act as 
two or more independent middleboxes and wherein the step of providing the identity of 
the first middlebox to the middlebox control node comprises providing the identity of the 
first middlebox and the identity of a particular middlebox functionality relating to one of 
said two or more independent middleboxes that is to be used. 
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30. A method as claimed in claim 1, wherein the middlebox identity providing node 
uses a discovery algorithm to automatically obtain information about the identity of 
middleboxes in the communications network. 

31 . A method as claimed in claim 1 , wherein the middlebox identity providing node 
uses a discovery algorithm to automatically obtain information about the identity of 
middleboxes in the communications network prior to one of the receiving and determining 
steps. 
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There is no such appendix. 



Evidence Appendix 
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Related Proceedings Appendix 

There is no such appendix. 
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